AMENDMENTS TO THE CLAIMS:

This listing of the claims will replace all prior versions, and listings, of the claims in this
application.

Listing of Claims: 

1. (Currently Amended) A network comprising: 

an internal secured portion comprising a virtual private network certificate authority;
an external portion; 

at least one mobile node in the external portion; 
at least a first gateway; and 

at least a second gateway, where the internal secured portion connects via the first 
gateway and the second gateway to the external portion, and 

the network is configured to change a the gateway, which the mobile node uses to 
communicate with the internal secured portion, from the first gateway to the second gateway in 
response to movement of the mobile node and in response to a receipt from the mobile node of a 
new care-of-address that is different from a first care-of-address. 

2. (Currently Amended) A network as claimed in claim 1, further configured to transfer context
information usable by the at least first gateway a gateway in communications with the mobile
node, to the second gateway.

3. (Previously Presented) A network as claimed in claim 2, wherein the context information 
includes an identifier of the mobile node. 

4. (Previously Presented) A network as claimed in claim 3 wherein the identifier is a home 
address of the mobile node. 

5. (Previously Presented) A network as claimed in claim 2, wherein the context information
includes material for defining secure communication means by which information is transferable
securely between the mobile node in the external portion of the network and the internal secured
portion of the network, via the second gateway.

6. (Previously Presented) A network as claimed in claim 5, wherein the secure communication 
means is a security association pair between the second gateway and the mobile node. 

7. (Previously Presented) A network as claimed in claim 2, wherein the context information is 
transferred from a location that is physically separate from the first gateway. 

8. (Previously Presented) A network as claimed in claim 2, further configured to transfer 
information to the mobile node for enabling communications between the mobile node and the 
second gateway. 

9. (Previously Presented) A network as claimed in claim 8 wherein the information transferred to 
the mobile node enables secure communication means by which information is transferable 
securely between the mobile node in the external portion of the network and the internal secured 
portion of the network, via the second gateway. 

10. (Previously Presented) A network as claimed in claim 9, wherein the secure communication 
means is a security association pair between the mobile node and the second gateway. 

11. (Previously Presented) A network as claimed in claim 8, wherein the information transferred 
to the mobile node comprises an address of the second gateway. 

12. (Previously Presented) A network as claimed in claim 8, wherein the information transferred 
to the mobile node is transferred between the first gateway and the mobile workstation using an 
existing security association between the mobile node and the first gateway. 

13. (Previously Presented) A network as claimed in claim 1 wherein the second gateway 
comprises one or more databases which are updated to enable the internal secured portion of the 
network and the mobile node in the external portion of the network to communicate via the 
second gateway. 

14. (Previously Presented) A network as claimed in claim 13, wherein the one or more databases
are a security policy database and a security association database. 

15. (Previously Presented) A network as claimed in claim 1 wherein the mobile node comprises 
one or more databases which are updated to enable the internal secured portion of the network 
and the mobile node in the external portion of the network to communicate via the second 
gateway. 

16. (Previously Presented) A network as claimed in claim 15, wherein the one or more databases 
are a security policy database and a security association database. 

17. (Currently Amended) A network as claimed in claim 1 further configured to detect a present
location of the mobile node and change the gateway initiate a change in the gateway through
which the mobile node communicates with the internal secured portion of the network, from the
first gateway to a better gateway.

18. (Previously Presented) A network as claimed in claim 17, wherein the better gateway is better 
because it is either closer to the mobile node or it is optimal for routing existing sessions. 

19. (Cancelled) 

20. (Cancelled) 

21. (Cancelled) 

22. (Currently Amended) A network as claimed in claim 17, further configured to detect a 
present location via a location detection means from a source that is separate from the first 
gateway. 

23. (Currently Amended) A network as claimed in claim 22, further configured to transfer
information via transfer means from a source that is physically separate from the first gateway
and wherein the transfer means and the location detection means the source to transfer
information and the source to detect a present location are housed together.

24. (Previously Presented) A network as claimed in claim 1 wherein the first gateway and the 
second gateway are in distinct physically separated segments of the network. 

25. (Previously Presented) A network as claimed in claim 1, wherein the mobile node 
communicates with the internal secured portion of the network via the first gateway and also via 
the second gateway simultaneously for a transition period, before communicating via the second 
gateway only. 

26. (Previously Presented) A network as claimed in claim 1 wherein the mobile node is involved 
in a session with a correspondent node. 

27. (Previously Presented) A network as claimed in claim 26, wherein the correspondent node is 
located in the internal secured portion of the network and the mobile node is located in the 
external portion of the network. 

28. (Currently Amended) A method comprising: 

determining when a first serving gateway, through which a mobile node communicates
from an external portion of a network with an internal secured portion of the network, is
sub-optimal;

identifying a second gateway; and 

in response to the mobile node moving and sending a new care-of-address that is different 
from a first care-of-address to the first serving gateway, transferring the gateway through which 
the mobile node communicates with the internal portion of the network from the first serving 
gateway to the second gateway, wherein the internal secured portion comprises a private virtual
network certificate authority.

29. (Currently Amended) A mobile node comprising:

means for receiving configured to receive, via a first secure communication means, an
identifier of a second gateway; and

means for changing and further configured to change from communicating with an the
internal secured portion of the network through the first gateway to communicating via the
second gateway, in response to moving and sending a new care-of-address that is different from a
first care-of-address to the first gateway, wherein the internal secured portion comprises a private
virtual network certificate authority.

30. (Currently Amended) The network as claimed in claim 23, further comprising means 
configured for using a first secure communication means by which information is transferable 
securely between the internal secured portion of the network and the mobile node via the first 
gateway, to receive an identifier of the second gateway. 

31. (Currently Amended) The network as claimed in claim 23, further comprising means
configured for using a second secure communication means to transfer information securely
between the internal secured portion of the network and the mobile node via the second gateway.

32. (Currently Amended) A method comprising: 

moving in an external portion of a network, where the network comprises an internal 
secured portion, the external portion, at least a first gateway, and at least a second gateway; 

obtaining a location identifier, where the location identifier comprises a new
care-of-address different from a first care-of-address;

sending the new care-of-address to the first gateway; and 

in response to receiving an acknowledgement from the second gateway, communicating
via the second gateway, wherein the internal secured portion comprises a private virtual network
certificate authority.

33. (Currently Amended) A method comprising: 

receiving a new care-of-address that is different from a first care-of-address by from a 
mobile node that has moved in a network; and 

updating a location database in order to change an identification of a the first gateway to
an identification of a second gateway that the mobile node uses to communicate from an external
portion of the network to an internal secured portion of the network, wherein the internal secured
portion comprises a private virtual network certificate authority,

34. (Currently Amended) An apparatus comprising configured to:

means for receiving receive a new care-of-address that is different from a first
care-of-address by from a mobile node that has moved in a network; and

means for updating update a location database in order to change an identification of a
the first gateway to an identification of a second gateway that the mobile node uses to
communicate from an external portion of the network to an internal secured portion of the
network, wherein the internal secured portion comprises a private virtual network certificate
authority.

35. (New) A network as claimed in claim 1 wherein the network is a virtual private network. 

36. (New) A virtual private network certificate authority, comprising: 

means for forming first and second security associations with a mobile node; 
means for updating a location database; and 

means for forming first and second security associations with a gateway node. 